detect/alert: apply pd only actions to flow

Ticket #4394

(cherry picked from commit 6cf44fc839e8f1da820095928b5b25e7fc0a8521)

diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 7d6c7c833238177d00320f2704577ffea9c6f10e..f570fe94f90d2e9ebc07ed1df96c81b20c2df57d 100644 (file)
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -275,7 +275,8 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
                 }
             }
 
-            if (s->flags & SIG_FLAG_IPONLY) {
+            /* IP-only and PD-only matches should apply to the flow */
+            if (s->flags & (SIG_FLAG_IPONLY | SIG_FLAG_PDONLY)) {
                 if (p->flow != NULL) {
                     RuleActionToFlow(s->action, p->flow);
                 }